Gentoo Archives: gentoo-announce

From: Kristian Fiskerstrand <k_f@g.o>
To: gentoo-announce@l.g.o
Subject: [gentoo-announce] [ GLSA 201606-10 ] PHP: Multiple vulnerabilities
Date: Sun, 19 Jun 2016 00:27:17
Message-Id: b004bfb5-9dad-f9f8-9c7d-d346014b1256@gentoo.org
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 201606-10
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                           https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: Normal
    Title: PHP: Multiple vulnerabilities
     Date: June 19, 2016
     Bugs: #537586, #541098, #544186, #544330, #546872, #549538,
           #552408, #555576, #555830, #556952, #559612, #562882,
           #571254, #573892, #577376
       ID: 201606-10

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities have been found in PHP, the worst of which
could lead to arbitrary code execution, or cause a Denial of Service
condition.

Background
==========

PHP is a widely-used general-purpose scripting language that is
especially suited for Web development and can be embedded into HTML.

Affected packages
=================

    -------------------------------------------------------------------
     Package              /     Vulnerable     /            Unaffected
    -------------------------------------------------------------------
  1  dev-lang/php                 < 5.6.19                  >= 5.6.19
                                                           *>= 5.5.33

Description
===========

Multiple vulnerabilities have been discovered in PHP. Please review the
CVE identifiers referenced below for details.

Impact
======

An attacker can possibly execute arbitrary code or create a Denial of
Service condition.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All PHP 5.4 users should upgrade to the latest 5.5 stable branch, as
PHP 5.4 is now masked in Portage:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=dev-lang/php-5.5.33"

All PHP 5.5 users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=dev-lang/php-5.5.33"

All PHP 5.6 users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=dev-lang/php-5.6.19"
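
A triage helper for hosts with several PHP slots installed, added here as an example and not part of the advisory: it maps an installed dev-lang/php version to the table and Resolution above. It reads the "*>= 5.5.33" row as applying to the 5.5 branch, as the Resolution section does; the function names and sample versions are constructed.

```shell
#!/bin/sh
# Added example, not part of GLSA 201606-10. Thresholds come from the
# advisory's table and Resolution section; function names are hypothetical.

# ver_key VERSION: print MAJOR.MINOR.PATCH as one comparable integer.
# A trailing Gentoo revision (-rN) is ignored; other formats are rejected.
ver_key() {
    v=${1%-r[0-9]*}
    case $v in
        *[!0-9.]* | *.*.*.* | .* | *. | *..* | 0[0-9]* | *.0[0-9]*) return 1 ;;
        *.*.*) ;;
        *) return 1 ;;
    esac
    rest=${v#*.}
    echo $(( ${v%%.*} * 1000000 + ${rest%%.*} * 1000 + ${rest#*.} ))
}

# glsa_php_action VERSION: print what the advisory asks for this version.
glsa_php_action() {
    key=$(ver_key "$1") || { echo "unparsed"; return 0; }
    v=${1%-r[0-9]*}
    branch=${v%.*}
    if [ "$key" -ge 5006019 ]; then
        echo "unaffected"                      # table: >= 5.6.19
    elif [ "$branch" = 5.5 ] && [ "$key" -ge 5005033 ]; then
        echo "unaffected"                      # table: *>= 5.5.33
    elif [ "$branch" = 5.6 ]; then
        echo "upgrade >=dev-lang/php-5.6.19"
    elif [ "$branch" = 5.5 ]; then
        echo "upgrade >=dev-lang/php-5.5.33"
    elif [ "$branch" = 5.4 ]; then
        echo "masked branch, upgrade >=dev-lang/php-5.5.33"
    else
        echo "vulnerable, no branch-specific resolution listed"
    fi
}

# Constructed sample: versions that could be installed in parallel slots.
for ver in 5.4.45 5.5.32-r1 5.5.38 5.6.18 5.6.19; do
    printf '%-12s %s\n' "$ver" "$(glsa_php_action "$ver")"
done
```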

References
==========

[ 1 ] CVE-2013-6501
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6501
[ 2 ] CVE-2014-9705
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9705
[ 3 ] CVE-2014-9709
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9709
[ 4 ] CVE-2015-0231
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0231
[ 5 ] CVE-2015-0273
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0273
[ 6 ] CVE-2015-1351
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1351
[ 7 ] CVE-2015-1352
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1352
[ 8 ] CVE-2015-2301
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2301
[ 9 ] CVE-2015-2348
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2348
[ 10 ] CVE-2015-2783
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2783
[ 11 ] CVE-2015-2787
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2787
[ 12 ] CVE-2015-3329
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3329
[ 13 ] CVE-2015-3330
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3330
[ 14 ] CVE-2015-4021
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4021
[ 15 ] CVE-2015-4022
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4022
[ 16 ] CVE-2015-4025
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4025
[ 17 ] CVE-2015-4026
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4026
[ 18 ] CVE-2015-4147
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4147
[ 19 ] CVE-2015-4148
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4148
[ 20 ] CVE-2015-4642
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4642
[ 21 ] CVE-2015-4643
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4643
[ 22 ] CVE-2015-4644
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4644
[ 23 ] CVE-2015-6831
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6831
[ 24 ] CVE-2015-6832
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6832
[ 25 ] CVE-2015-6833
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6833
[ 26 ] CVE-2015-6834
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6834
[ 27 ] CVE-2015-6835
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6835
[ 28 ] CVE-2015-6836
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6836
[ 29 ] CVE-2015-6837
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6837
[ 30 ] CVE-2015-6838
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-6838
[ 31 ] CVE-2015-7803
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7803
[ 32 ] CVE-2015-7804
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-7804

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

 https://security.gentoo.org/glsa/201606-10

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@g.o or alternatively, you may file a bug at
https://bugs.gentoo.org.

License
=======

Copyright 2016 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5
